At a glance:

Endpoint Vulnerability

Use-after-free during HTML5 parsing

Description

Security researcher SkyLined reported a use-after-free created by triggering the creation of a second root element while parsing HTML written to a document created with document.open(). This leads to a potentially exploitable crash.